Step 2. Identify product name.

GyoiThon identifies the products installed on the web server using the following two methods.

1. Based on Machine Learning.

Using Machine Learning (Naive Bayes), GyoiThon identifies software based on a combination of slightly different features (Etag value, Cookie value, specific HTML tags, etc.) for each software. Naive Bayes is trained on data such as the examples below (Training data). Unlike signature-based matching, Naive Bayes identifies software probabilistically from the various features included in the HTTP response, even when the software cannot be identified from a single feature.

Etag: "409ed-183-53c5f732641c0"

GyoiThon can identify the web server software Apache. This is because GyoiThon learns features of Apache such as the "Etag header value (409ed-183-53c5f732641c0)". In our survey, Apache uses a combination of numerals and lowercase letters as the Etag value. The Etag value is separated into groups of 4-5 digits, 3-4 digits and 12 digits, and the final digit is 0 in many cases.

Set-Cookie: f00e68432b68050dee9abe33c389831e=0eba9cd0f75ca0912b4849777677f587;

GyoiThon can identify the CMS Joomla!. This is because GyoiThon learns features of Joomla! such as the "Cookie name (f00e6 … 9831e)" and the "Cookie value (0eba9 … 7f587)". In our survey, Joomla! uses 32 lowercase letters as the Cookie name and Cookie value in many cases.

2. Based on String matching.

Of course, GyoiThon can also identify software by string matching, as used in traditional penetration test tools. Examples are shown below.

<script src="/core/misc/drupal.js?v=8.3.1"></script>

GyoiThon can identify the CMS Drupal. It is very easy.
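The sketch below is an added example, not GyoiThon's own code. It combines the three response features described above in a small Bernoulli Naive Bayes classifier, which is also a quick way to check which features of your own server's responses make it identifiable. The regexes, the rule names and every training sample other than the two headers and the script tag quoted above are assumptions constructed for illustration.

```python
import math
import re
from collections import Counter, defaultdict

# Feature detectors for the response shapes described in the text (assumed regexes).
# The text gives the last Etag group as 12 characters; its own sample has 13, so
# both lengths are accepted. Header names are case-insensitive, values are not.
RULES = {
    "etag_3_groups": re.compile(r'^(?i:etag):\s*"[0-9a-z]{4,5}-[0-9a-z]{3,4}-[0-9a-z]{12,13}"', re.M),
    "cookie_32_32": re.compile(r'^(?i:set-cookie):\s*[0-9a-z]{32}=[0-9a-z]{32};', re.M),
    "drupal_js": re.compile(r'<script src="/core/misc/drupal\.js\?v=[\d.]+"'),
}

def features(response):
    """Return the set of rule names whose pattern occurs in a raw HTTP response."""
    return {name for name, rx in RULES.items() if rx.search(response)}

def train(samples):
    """Count how often each feature is present per label."""
    labels, present = Counter(), defaultdict(Counter)
    for response, label in samples:
        labels[label] += 1
        present[label].update(features(response))
    return labels, present

def classify(model, response):
    """Return (label, posterior) pairs, most likely first, using Laplace smoothing."""
    labels, present = model
    seen, total, scores = features(response), sum(labels.values()), {}
    for label, n in labels.items():
        logp = math.log(n / total)                    # class prior
        for name in RULES:
            p = (present[label][name] + 1) / (n + 2)  # P(feature present | label)
            logp += math.log(p if name in seen else 1 - p)
        scores[label] = logp
    norm = math.log(sum(math.exp(s) for s in scores.values()))
    return sorted(((l, math.exp(s - norm)) for l, s in scores.items()), key=lambda x: -x[1])

# Constructed training data: the samples quoted in the text plus made-up variants.
TRAIN = [
    ('Etag: "409ed-183-53c5f732641c0"\n', "Apache"),
    ('Etag: "2b1f-1a4-4e8d0c6a1b2f0"\n', "Apache"),
    ('Set-Cookie: f00e68432b68050dee9abe33c389831e=0eba9cd0f75ca0912b4849777677f587;\n', "Joomla!"),
    ('Etag: "51c3a-2f0-5a1b2c3d4e5f0"\nSet-Cookie: ' + "a1" * 16 + "=" + "b2" * 16 + ";\n", "Joomla!"),
    ('<script src="/core/misc/drupal.js?v=8.3.1"></script>\n', "Drupal"),
]
MODEL = train(TRAIN)
```

Calling `classify(MODEL, raw_response)` on a captured response returns every label with its posterior, so a response that shows both an Etag and a 32-character cookie is still ranked rather than rejected.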

Step 3. Exploit using Metasploit.

GyoiThon executes the exploit corresponding to the identified software using Metasploit and checks whether the software is affected by the vulnerability.